<?php
    include_once "config/config.php"; session_start();
    if (isset($_REQUEST['_SESSION']))
    die("Get lost Muppet!");

    $kodas0 = mysql_real_escape_string($_POST['edit_oldPass']);
    $kodas1 = mysql_real_escape_string($_POST['edit_kodas1']);
    $kodas2 = mysql_real_escape_string($_POST['edit_kodas2']);
    $atsakymas = md5(mysql_real_escape_string($_POST['edit_atsakymas']));
    $email = mysql_real_escape_string($_POST['edit_email']);
    $tel = mysql_real_escape_string($_POST['edit_tel']);
    $adresas = mysql_real_escape_string($_POST['edit_adresas']);

    $id = $_SESSION['stalas'];
    $vartotojas = mysql_query("SELECT Password, PasswordAnswer, email, Telefonas, Adresas FROM vartotojai WHERE id='$id'");
    $user = mysql_fetch_array($vartotojas);
   
    if ($kodas0 != '' || $kodas1 != '' || $kodas1 != '') {
        $pass0 = md5($kodas0.'_zemuogiu_sode');
        $pass1= md5($kodas1.'_zemuogiu_sode');
        $pass2 = md5($kodas2.'_zemuogiu_sode');
        
        if ($pass1 == $pass2) {
            if($pass0 == $user['Password']) { 
                if($atsakymas == $user['PasswordAnswer']){ 
                    if($pass1 != $pass0) {
                        mysql_query("UPDATE vartotojai SET Password = '$pass1' WHERE id='$id'");
                    }
                    else { header('Location: userpage.php'); }
                }
                else{ header('Location: userpage.php?error=3'); }
            }
            else{ header('Location: userpage.php?error=3'); }
        }
        else{ header('Location: userpage.php?error=3'); }
    }
    if($email != $user['email']) {
        if($atsakymas == $user['PasswordAnswer']){ 
            $vartotojai = mysql_query("SELECT email FROM vartotojai WHERE email='$email'");
            $row = mysql_fetch_array($vartotojai);
            var_dump($row);die();
            if($row) { header('Location: userpage.php?error=4'); }
            else { 
                mysql_query("UPDATE vartotojai SET email = '$email' WHERE id='$id'");
            }
        }
        else{ header('Location: userpage.php?error=3'); }
    }
    if($tel != $user['Telefonas']) {
        if($atsakymas == $user['PasswordAnswer']){ 
            mysql_query("UPDATE vartotojai SET Telefonas = '$tel' WHERE id='$id'");
        }
        else{ header('Location: userpage.php?error=3'); }
    }
    if($adresas != $user['Adresas']) {
        if($atsakymas == $user['PasswordAnswer']){ 
            mysql_query("UPDATE vartotojai SET Adresas = '$adresas' WHERE id='$id'");
        }
        else{ header('Location: userpage.php?error=3'); }
    }    
?>